Leidos
Description
Leidos is seeking a highly motivated and experienced Cyber Threat Hunter to join our DHS NOSC Cyber Team. This role supports the Department of Homeland Security's mission to protect its enterprise-wide information systems from cyber threats through proactive monitoring, intrusion detection, and security services.
The ideal candidate is process-driven, inquisitive, and skilled at identifying patterns and anomalies in complex datasets.
About DHS NOSC
The Network Operations Security Center (NOSC) is a U.S. Government program responsible for preventing, identifying, containing, and eradicating cyber threats across DHS networks. NOSC provides monitoring, intrusion detection, and protective services for DHS information systems, including: LAN/WAN infrastructure
Public-facing websites
Wireless and mobile/cellular networks
Cloud environments
Security devices, servers, and workstations
NOSC oversees the overall security of DHS enterprise systems and investigates and reports suspected or confirmed security violations. Primary Responsibilities
Develop threat models to assess the DHS IT enterprise, identify defensive gaps, and prioritize mitigations
Author, update, and maintain SOPs, playbooks, and work instructions
Use threat intelligence and models to formulate threat hypotheses
Plan and execute threat hunt missions to validate hypotheses
Proactively search systems and networks for advanced threats
Analyze host, network, and application logs, malware, and code
Prepare and present risk analyses and threat findings to stakeholders
Recommend and assist in developing new security content (e.g., signatures, alerts, workflows, automation)
Collaborate across teams to enhance threat detection, response, and overall security posture
Basic Qualifications
Active TS/SCI clearance ; must also obtain a favorable Entry on Duty (EOD) determination from DHS HQ
Bachelor's degree in IT, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET or NCAE-C designated institution
Minimum 8-12 years of relevant experience (SOC Analyst, Incident Responder) A bachelor's degree may substitute for up to 1 year of experience
A master's degree may substitute for up to 2 years of experience
At least two certifications from the following: Security+, PenTest+, Cloud+, GSEC, CEH, CCE, CFR, CySA+, GCFA, GCIA, GCIH, GDSA, GICSP
Strong ability to work independently; self-starter and self-motivated
Must be a U.S. Citizen
Preferred Qualifications
Expertise in network and host-based analysis and investigation
Experience planning and executing threat hunt missions
Understanding of enterprise network architecture (routing, switching, firewalls, proxies, load balancers)
Completion of military cyber training courses: 4-11-C32-255S (CP), 4C-255N (CP), or 4C-255A (CP)
Working knowledge of networking protocols (HTTP, DNS, SMB, etc.)
Familiarity with Windows and Linux operating systems
Proficiency in scripting languages (Python, PowerShell)
Experience with Splunk SPL and/or Elastic DSL
Proven ability to triage and respond to APT activities
Experience with cloud and container platforms (AWS, Azure, O365, etc.)
Deep understanding of the cyber threat landscape and adversary tactics
Prior experience on a federal government threat hunt team, especially DHS or DoD
Come break things (in a good way). Then build them smarter. We're the tech company everyone calls when things get weird. We don't wear capes (they're a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for "how it's always been done." Original Posting:
October 6, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above. Pay Range:
Pay Range $104,650.00 - $189,175.00
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
The Network Operations Security Center (NOSC) is a U.S. Government program responsible for preventing, identifying, containing, and eradicating cyber threats across DHS networks. NOSC provides monitoring, intrusion detection, and protective services for DHS information systems, including: LAN/WAN infrastructure
Public-facing websites
Wireless and mobile/cellular networks
Cloud environments
Security devices, servers, and workstations
NOSC oversees the overall security of DHS enterprise systems and investigates and reports suspected or confirmed security violations. Primary Responsibilities
Develop threat models to assess the DHS IT enterprise, identify defensive gaps, and prioritize mitigations
Author, update, and maintain SOPs, playbooks, and work instructions
Use threat intelligence and models to formulate threat hypotheses
Plan and execute threat hunt missions to validate hypotheses
Proactively search systems and networks for advanced threats
Analyze host, network, and application logs, malware, and code
Prepare and present risk analyses and threat findings to stakeholders
Recommend and assist in developing new security content (e.g., signatures, alerts, workflows, automation)
Collaborate across teams to enhance threat detection, response, and overall security posture
Basic Qualifications
Active TS/SCI clearance ; must also obtain a favorable Entry on Duty (EOD) determination from DHS HQ
Bachelor's degree in IT, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET or NCAE-C designated institution
Minimum 8-12 years of relevant experience (SOC Analyst, Incident Responder) A bachelor's degree may substitute for up to 1 year of experience
A master's degree may substitute for up to 2 years of experience
At least two certifications from the following: Security+, PenTest+, Cloud+, GSEC, CEH, CCE, CFR, CySA+, GCFA, GCIA, GCIH, GDSA, GICSP
Strong ability to work independently; self-starter and self-motivated
Must be a U.S. Citizen
Preferred Qualifications
Expertise in network and host-based analysis and investigation
Experience planning and executing threat hunt missions
Understanding of enterprise network architecture (routing, switching, firewalls, proxies, load balancers)
Completion of military cyber training courses: 4-11-C32-255S (CP), 4C-255N (CP), or 4C-255A (CP)
Working knowledge of networking protocols (HTTP, DNS, SMB, etc.)
Familiarity with Windows and Linux operating systems
Proficiency in scripting languages (Python, PowerShell)
Experience with Splunk SPL and/or Elastic DSL
Proven ability to triage and respond to APT activities
Experience with cloud and container platforms (AWS, Azure, O365, etc.)
Deep understanding of the cyber threat landscape and adversary tactics
Prior experience on a federal government threat hunt team, especially DHS or DoD
Come break things (in a good way). Then build them smarter. We're the tech company everyone calls when things get weird. We don't wear capes (they're a safety hazard), but we do solve high-stakes problems with code, caffeine, and a healthy disregard for "how it's always been done." Original Posting:
October 6, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above. Pay Range:
Pay Range $104,650.00 - $189,175.00
The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.